Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2014

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-2014
Last Modified 21 Aug 2010 12:23:34
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2004-2014

Summary

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

Vulnerable Systems

Application

  • Gnu Wget 1.5.3

  • Gnu Wget 1.6

  • Gnu Wget 1.7

  • Gnu Wget 1.7.1

  • Gnu Wget 1.8

  • Gnu Wget 1.8.1

  • Gnu Wget 1.8.2

  • Gnu Wget 1.9

  • Gnu Wget 1.9.1


References

XF - wget-lock-race-condition(16167)

BID - 10361

MLIST - [wget] 20040517 Re: Wget race condition vulnerability (fwd)

MLIST - [wget] 20040517 Wget race condition vulnerability (fwd)

BUGTRAQ - 20040516 Wget race condition vulnerability

UBUNTU - USN-145-1

REDHAT - RHSA-2005:771

MANDRIVA - MDKSA-2005:204

SECUNIA - 17399


Last Updated: 27 May 2016 10:39:17